Abstract—Data attacks on meter measurements in the power
grid can lead to errors in state estimation. This paper presents a
new data attack model where an adversary produces changes
in state estimation despite failing bad-data detection checks.
The adversary achieves its objective by making the estimator
incorrectly identify correct measurements as bad data. The
proposed attack regime's significance lies in reducing the
minimum sizes of successful attacks to more than half of that of
undetectable data attacks. Additionally, the attack model is able
to construct attacks on systems that are resilient to undetectable
attacks. The conditions governing a successful data attack of
the proposed model are presented along with guarantees on its
performance. The complexity of constructing an optimal attack
is discussed and two polynomial time approximate algorithms for
attack vector construction are developed. The performance of the
proposed algorithms and efficacy of the hidden attack model are
demonstrated through simulations on IEEE test systems.

I. Introduction 

One of the basic facets of research and actual deployment
in smart grid has been increased data collection from different
meters for improved monitoring and control of dynamic
events. Accurate data collection also aids formation of optimal
prices and price-responsive demand. However, a data driven
approach makes the grid vulnerable to cyber-attacks on meter
measurements. A coordinated data attack on meter recordings
in Phasor Measurement Units (PMUs) [1] and Remote
Terminal Units (RTUs) or on the communication channels in
Supervisory Control and Data Acquisition (SCADA) systems
can in principle lead to incorrect electricity prices as well as
to large blackouts.

Data attacks on meter measurements in the power grid are
an active area of research. The authors of Q first introduced
the problem of undetectable data attacks that bypass
bad-data tests at the state estimator. Simple linear algebraic
techniques show that if the malicious measurements lie in
the column space of the measurement matrix, the attack goes
undetected. In reference [2], an attack vector consisting of
the malicious measurements is constructed using projection
matrices based on the measurement matrix. This work has
been followed by several techniques to select locations for
introducing data attacks under different grid conditions and
adversarial objectives. Reference 0 discusses the construction
of an optimal hidden attack that requires manipulation of the
minimum number of measurements using $l_0$ and $l_1$ recovery
methods. Reference i) studies the creation of the optimal
attack vector as a mixed integer linear program. The authors
of 0 discuss graph based design of optimal attack vectors for
systems observed by PMUs. Data attacks aimed at affecting
the estimation of a pre-specified set of state variables are
presented in Jh). A heuristic based detector for malicious data
is presented in [7].


A majority of the prior work in this area focuses on
constructing hidden data attacks that evade bad-data detection tests
at the state estimator. In this paper, we analyze a detectable
regime of data attacks. It is worth mentioning that at the state
estimator, bad data detection is followed by a scheme for
bad-data identification. Our proposed attack regime succeeds
despite detection by deceiving the bad-data identifier into
labeling uncorrupted measurements as bad data. While writing
this manuscript, we discovered a related work demonstrating
detectable data attacks in 0. The attack model in 0 searches
for an optimal hidden attack and then creates a detectable
attack by corrupting only half of the measurements necessary
for a hidden attack. In a sense, our model is a generalization
of the framework used in ID, with some key differences.
Our attack model considers power system cases where a
subset of the measurements are incorruptible by the adversary.
By overcoming the presence of incorruptible measurements,
the cardinality of our data attacks can be reduced by more
than 50% of the cardinality of the optimal hidden attack,
whereas in 0, the reduction in cardinality is exactly by half.
More importantly, unlike the framework in 0, our detectable
attack model is able to greatly expand the range of feasible
attacks to configurations where no hidden attacks are possible.
Further, we show that considering incorruptible measurements
in the system makes the problem of constructing an optimal
detectable attack NP-hard in general. In contrast, detectable
attacks that do not overcome incorruptible measurements can
be constructed in polynomial time in our measurement set-up.


The rest of this paper is organized as follows. The next
section presents a description of the system model used in state
estimation and bad-data detection, and then introduces our data
attack model. We derive conditions necessary for a successful
attack of our regime and provide provable guarantees on their
cardinality in Section III. The two approximate algorithms to
design an optimal attack vector for our regime are presented
in Section IV. Both of them require information limited to
the structure of the measurement matrix and do not need
the numerical values of grid parameters. Simulations of the
proposed algorithms on test IEEE bus systems are shown in
Section V. Finally, concluding remarks and future directions
of work are presented in Section VI.






Fig. 1. State Estimator for a power system [10], [11]


II. Power Grid State Estimation and Attack Models

We represent the power grid by an undirected graph $(V, E)$,
where $V$ denotes the set of buses and $E$ represents the set of
transmission lines connecting those buses. In this paper, we
consider the DC power flow model [10] for state estimation in
the grid, which is given by:

$$z = Hx + e \tag{1}$$

Here $z \in \mathbb{R}^m$ is the $m$ length vector of measurements. We
consider two kinds of measurements collected through conventional
meters and PMUs in the grid. These include: a) flow
measurements on lines and b) voltage phasor measurements on
buses. $x \in \mathbb{R}^n$ is the state vector of length $n$ and consists of
the bus phase angles. $H$ is the measurement matrix and $e$ is a
zero mean Gaussian noise vector with covariance $\Sigma$. Let the
$k^{th}$ entry in $z$ measure the power flow on the line between
nodes $i$ and $j$. We have $z(k) = B_{ij}x(i) - B_{ij}x(j)$, where
$B_{ij}$ is the magnitude of susceptance of the line. The
corresponding row in the measurement matrix $H$ is given
by $H_k = [0 \ldots 0\ \ B_{ij}\ \ 0 \ldots 0\ \ -B_{ij}\ \ 0 \ldots 0]$. Similarly, let the
$l^{th}$ entry in $z$ measure the phase angle at bus $i$. The corresponding
row $H_l$ in the measurement matrix is $H_l = [0 \ldots 0\ \ 1\ \ 0 \ldots 0]$ with
one at the $i^{th}$ position. We assume $m > n$ and full column
rank of matrix $H$, as necessary for unique state estimation.

State Estimator: The schematic diagram of the state estimator
in the grid is shown in Figure 1 [10], [11]. For
the DC model in Equation (1), a Weighted Least Squares
(WLS) estimator gives the optimal state vector estimate $x^*$ by
minimizing the weighted measurement residual's magnitude
$J(x, z) = \|\Sigma^{-.5}(z - Hx)\|_2$. The estimator then uses the
following threshold ($\lambda$) based test to detect the presence of
bad-data.

$$\|\Sigma^{-.5}(z - Hx^*)\|_2 \ \begin{cases} < \lambda & \text{accept } x^* \\ > \lambda & \text{detect bad-data} \end{cases} \tag{2}$$

Removal of Bad-data: Once bad-data is detected, the
estimator tries to remove the bad-data and then re-estimate the
state vector. The measurement residual vector $r$ corresponding
to the estimated $x^*$ is given by
$r = z - Hx^* = [I - H(H^T\Sigma^{-1}H)^{-1}H^T\Sigma^{-1}]z$ [10], [11]. Using this relation, we
can derive the variance $R_r$ of residual $r$ as well as the
normalized residual of the data. It is shown in [10], [11] that for
the general case of multiple bad data entries (as in our case),
a sequential bad-data remover described in previous literature
is sub-optimal. The optimal strategy for the estimator is to
remove the minimum number of measurements such that the
residual produced by the remaining measurements passes the
bad-data detection test in (2). In addition, the estimator needs
to ensure that the removed measurements do not lead to a
loss of rank in the measurement matrix as that will make the
system unobservable. The optimal bad-data removal procedure
is formulated as the following non-convex problem [10]:

$$\min_{d \in \{0,1\}^m} \|(1 - d)\|_0 \tag{3}$$

$$\text{s.t.}\quad \operatorname{rank}(H_d) = n,\quad J(x^*, z_d) < \lambda_d \tag{4}$$

Here, $H_d$, $z_d$, $J(x^*, z_d)$ and $\lambda_d$ respectively denote the
updated measurement matrix, measurement vector, minimum
weighted residual magnitude and threshold obtained after the
measurements corresponding to 0 entries in $d$ are removed.

A. Attack Models 

Let the adversary introduce an attack vector $a$ in the
measurements to generate the corrupted measurement vector
$z + a$. We assume that the adversary is interested
in constructing a feasible attack using the minimum number of
corrupted measurements ($\|a\|_0$). In a realistic setting, an adversary
may be incapable of modifying certain measurements
due to geographical isolation or heightened encryption. We
call this set of incorruptible measurements $S_m$ and the
complementary set of corruptible measurements $S_m^c$. Note
that measurements in $S_m$ suffer from noise and measurement
errors; they are just free of adversarial manipulation. Next,
we briefly describe hidden data attacks that bypass bad-data
detection checks.

Undetectable Data Attack: Observe that if $a = Hc$, the
measurement residual stays the same as
$\|\Sigma^{-.5}(z - Hx^*)\|_2 = \|\Sigma^{-.5}(z + a - H(x^* + c))\|_2$.
Thus, an erroneous state vector $x^* + c$ is produced without
raising any alarm at the bad-data detector [2]. The solution to
Problem (P-1) below gives the adversary's optimal attack vector IJI, ifsT.

$$\min_{c \in \mathbb{R}^n - \{0\}} \|a\|_0 \tag{P-1}$$

$$\text{s.t.}\quad a = Hc,\quad a(i) = 0\ \ \forall i \in S_m \quad (S_m\text{: incorruptible set})$$
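The residual invariance above, seen from the estimator's side, as an added example (not code from the paper): a pure-Python WLS estimator and the threshold test of Equation (2) run on three inputs, showing that the test alone cannot separate a clean reading from one shifted by $a = Hc$, while a change outside the column space of $H$ raises the alarm. The 3-bus system, susceptances, noise values, $\sigma$ and $\lambda$ are constructed for illustration, and $\Sigma = \sigma^2 I$ is assumed.

```python
import math

def build_H(n, flows, angles):
    """Measurement matrix of Eq. (1): one row per flow or phase-angle meter."""
    rows = []
    for i, j, b in flows:            # flow on line (i, j): B_ij at i, -B_ij at j
        row = [0.0] * n
        row[i], row[j] = b, -b
        rows.append(row)
    for i in angles:                 # phasor meter at bus i: 1 at column i
        row = [0.0] * n
        row[i] = 1.0
        rows.append(row)
    return rows

def matvec(H, x):
    return [sum(h * v for h, v in zip(row, x)) for row in H]

def solve(A, b):
    """Gaussian elimination with partial pivoting (small dense systems)."""
    n = len(A)
    M = [A[r][:] + [b[r]] for r in range(n)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        if abs(M[piv][col]) < 1e-12:
            raise ValueError("H is rank deficient: state is unobservable")
        M[col], M[piv] = M[piv], M[col]
        for r in range(col + 1, n):
            f = M[r][col] / M[col][col]
            M[r] = [a - f * p for a, p in zip(M[r], M[col])]
    x = [0.0] * n
    for r in reversed(range(n)):
        tail = sum(M[r][c] * x[c] for c in range(r + 1, n))
        x[r] = (M[r][n] - tail) / M[r][r]
    return x

def wls(H, z, sigma):
    """WLS estimate x* and J = ||Sigma^-.5 (z - H x*)||_2 for Sigma = sigma^2 I."""
    cols = list(zip(*H))
    # With equal variances the weights cancel in the normal equations.
    HtH = [[sum(p * q for p, q in zip(u, v)) for v in cols] for u in cols]
    Htz = [sum(p * q for p, q in zip(u, z)) for u in cols]
    x_hat = solve(HtH, Htz)
    resid = [zk - hk for zk, hk in zip(z, matvec(H, x_hat))]
    return x_hat, math.sqrt(sum(v * v for v in resid)) / sigma

# Constructed 3-bus system: flow meters on all lines, phasor meters on buses 0 and 2.
FLOWS = [(0, 1, 10.0), (1, 2, 5.0), (0, 2, 8.0)]
ANGLES = [0, 2]
SIGMA, LAMBDA = 0.01, 3.0            # assumed noise std-dev and detection threshold
H = build_H(3, FLOWS, ANGLES)
NOISE = [0.004, -0.003, 0.002, 0.001, -0.002]   # constructed noise sample
Z = [v + e for v, e in zip(matvec(H, [0.0, -0.05, -0.10]), NOISE)]

def run_estimator(a):
    """Estimate from z + a; returns (x*, J, bad_data_detected)."""
    x_hat, J = wls(H, [zk + ak for zk, ak in zip(Z, a)], SIGMA)
    return x_hat, J, J > LAMBDA

C = [0.0, 0.02, 0.0]                                   # state offset c
CLEAN = run_estimator([0.0] * 5)
IN_COLUMN_SPACE = run_estimator(matvec(H, C))          # a = Hc
SINGLE_METER = run_estimator([0.5, 0.0, 0.0, 0.0, 0.0])  # a outside col(H)

if __name__ == "__main__":
    cases = [("clean", CLEAN), ("a = Hc", IN_COLUMN_SPACE), ("single meter", SINGLE_METER)]
    for name, (x_hat, J, alarm) in cases:
        print(f"{name:13s} J={J:8.3f} alarm={alarm} x*={[round(v, 4) for v in x_hat]}")
```

Because the residual is identical in the first two cases, any defence against this class of change has to come from outside the residual test, for example from the protected measurement set $S_m$ that the rest of the paper analyses.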

Data Attack with Detection: We now discuss our proposed
detectable attack model. We assume that without any adversarial
manipulation, measurement $z$ or any observability preserving
subset of $z$ is capable of producing a correct state estimate
$x^*$. Consider a data attack vector $a$ that fails the bad-data
detection test. For the bad-data identification scheme given in
(3), this data attack can nonetheless change the state estimate
if removal of $k < \|a\|_0$ measurements is sufficient to satisfy the
bad-data detection test while maintaining system observability.
This provides the conditions needed by a feasible data attack
of our proposed model. Construction of an attack vector for
this regime is given by the following optimization problem:

$$\min_{d \in \{0,1\}^m} \|a\|_0 \tag{P-2}$$

$$\text{s.t.}\quad a = d * (Hc),\quad c \in \mathbb{R}^n - \{0\} \tag{5}$$

$$a(i) = 0\ \ \forall i \in S_m \quad (S_m\text{: incorruptible measurements})$$

$$\|a\|_0 > \|(1 - d) * (Hc)\|_0 \tag{6}$$

$$\operatorname{rank}(DH) = n \ \text{ where } \operatorname{diag}(D) = d \tag{7}$$

In Problem (P-2), $D$ is a diagonal matrix with diagonal given by
vector $d$. $a * b$ represents element-wise multiplication between
two vectors $a$ and $b$. Unlike Problem (P-1), here $a$ does not lie
in the column space of $H$ as certain entries in the attack vector
are deleted by the binary vector $d$. Condition (6) ensures that
the estimator incorrectly identifies uncorrupted elements of $z$
as bad-data. Note that after removal of bad data, the attack
vector $a = d * (Hc)$ passes the bad-data detection test as it
lies in the column space of the updated measurement matrix
$DH$. In the next section, we discuss the design of an optimal
attack vector for Problem (P-2).


III. Optimal Attack Vector Design

Consider the DC measurement model for an $n$ bus system
given in Equation (1). We now introduce a reference
bus with phase angle 0 and augment $c$ to form vector
$\hat{c} = \begin{bmatrix} c \\ 0 \end{bmatrix}$.
We also add one extra column after the rightmost column
in measurement matrix $H$ to create an $m$ times $(n+1)$ modified
measurement matrix $\hat{H}$. We put $-1$ in $h^g$ for every row in $H$
with a phase angle measurement and 0 otherwise. We now
have $Hc = \hat{H}\hat{c} = [H \,|\, h^g] \begin{bmatrix} c \\ 0 \end{bmatrix}$.
Note that all rows in the augmented measurement matrix $\hat{H}$
represent flows. We now state the following theorem without
proof from [5].

Theorem 1 ([5, Theorem 1]). There exists a non-zero binary
0-1 vector $c_{opt}$ of size $n$ times 1 for an optimal attack vector
$a^*$ for Problem (P-1) such that $\|a^*\|_0 = \|Hc_{opt}\|_0$.

In a similar way, it can be proven through contradiction
that the optimal attack vector $a^*$ for Problem (P-2) also
corresponds to a non-zero binary 0-1 vector $c_{opt1}$ with
$\|a^*\|_0 = \|d * Hc_{opt1}\|_0$.

Next we create a new matrix $A_H$ by replacing magnitudes
of all bus susceptance in $\hat{H}$ with unity.

$$A_H(i, j) = 1(\hat{H}(i, j) > 0) - 1(\hat{H}(i, j) < 0) \tag{8}$$

Observe that $A_H$ represents the incidence matrix for a graph
with $n + 1$ nodes, with edges corresponding to measurements
in $\hat{H}$. We denote the graph represented by $A_H$ as $G_H$. The
$(n + 1)^{th}$ node in $G_H$ represents the reference bus with phase
angle 0. Notice that for any 0-1 vector
$\hat{c} = \begin{bmatrix} c \\ 0 \end{bmatrix}$,
$\|\hat{H}\hat{c}\|_0 = \|A_H\hat{c}\|_0$, where the non-zero values of
$A_H\hat{c}$ represent a cut in graph $G_H$ between the nodes with
$\hat{c}(i) = 0$ and the nodes with $\hat{c}(i) = 1$. We now write the
attack vector design for our proposed Problem (P-2) in terms of $A_H$ as:

$$\min_{d \in \{0,1\}^m} \|a\|_0 \tag{P-3}$$

$$\text{s.t.}\quad a = d * (A_H\hat{c}),\quad a(i) = 0\ \ \forall i \in S_m$$

$$\hat{c} \in \{0,1\}^{n+1} - \{0\},\quad \hat{c}(n+1) = 0$$

$$\|d * (A_H\hat{c})\|_0 > \|(1 - d) * (A_H\hat{c})\|_0 \tag{9}$$

$$\operatorname{rank}(DA_H) = n \ \text{ where } \operatorname{diag}(D) = d \tag{10}$$


Observe that non-zero values in $A_H\hat{c}$ define a graph-cut in
$G_H$, out of which the edges with value 1 in $d$ are included
in the attack vector $a$. $a$ of course does not include any edge
in $S_m$. Further, condition (9) implies that an attack vector
is feasible if the number of cut-edges included in the attack
vector $a$ is strictly greater than half of the cut-size. Our
principal result on constructing an optimal data attack of our
proposed regime is given in the following theorem.

Theorem 2. Let $C_{a^*}$ be a minimum cardinality cut in $G_H$
such that the number of cut-edges in $C_{a^*}$ that belong to $S_m$
is strictly less than half of the cut-size $|C_{a^*}|$. An optimal attack
vector for Problem (P-3) is given by a subset of cut-edges in
$C_{a^*} \cap S_m^c$ of cardinality $\lfloor 1 + |C_{a^*}|/2 \rfloor$.

Proof: Let $a^*$ denote the attack vector with non-zero
entries corresponding to $\lfloor 1 + |C_{a^*}|/2 \rfloor$ edges in $C_{a^*} \cap S_m^c$. Thus
$\|a^*\|_0$ is greater than $|C_{a^*}|/2$ and condition (9) is satisfied.
The edges of $C_{a^*}$ excluded from $a^*$ are removed as bad-data
by the estimator. System observability is preserved if
graph $G_H$ stays connected after bad-data removal. If the graph
becomes disconnected after the bad-data removal, we can form
a smaller feasible graph-cut using a subset of the removed
edges and the ones with non-zero values in $a^*$. This contradicts
the definition of $C_{a^*}$. Hence observability is maintained by
$C_{a^*}$. ■

We now prove some important results on the adversarial
potential of data attacks of our regime as compared to
undetectable attacks.


Lemma 1. Let $a_u^*$ (undetectable attack) and $a_d^*$ (detectable
attack) respectively be the optimal attack vector designs for
Problem (P-1) and Problem (P-2) formulated for the same
system. Then the following holds:
$\|a_d^*\|_0 \le \lfloor 1 + \frac{\|a_u^*\|_0}{2} \rfloor$.

Proof: Note that if we fix $d = 1$ in Problem (P-2)
($\equiv$ Problem (P-3)), it reduces to Problem (P-1). The optimal
undetectable attack vector $a_u^*$ is given by $Hc_u$, $\exists c_u \neq 0$. Let
$\|a_u^*\|_0 = k$ with the non-zero entries in $a_u^*$ being located
at positions 1 to $k$. Consider $a_d$ such that $a_d(i) = a_u^*(i)$
for $i \in \{1, \ldots, \lfloor 1 + \frac{k}{2} \rfloor\}$ and 0 elsewhere. It can be easily
verified that $a_d$ is a feasible detectable attack for Problem
(P-3). As $a_d^*$ is the optimal attack for Problem (P-3), we have
$\|a_d^*\|_0 \le \|a_d\|_0 = \lfloor 1 + \frac{\|a_u^*\|_0}{2} \rfloor$.

Note that this provides only an upper bound on the cardinality
of optimal attack vectors and in practice, the reduction
in cardinality can be much greater. Further the following is
true:

Lemma 2. The set of system conditions with feasible data
attacks for Problem (P-3) is larger than that for Problem (P-1).

Observe that every undetectable attack can give a corresponding
feasible data attack with detection for our
proposed regime. However, data attacks with detection can
exist for cases where no undetectable attacks are possible. For
example, no undetectable attack exists if every cut in $G_H$
includes at least one incorruptible measurement. An attack
with detection may exist if the number of edges of $S_m$ in
a cut is less than the cut-size. The next result (proof omitted
for brevity) shows that for preventing detectable attacks, at
least 50% of the measurements need to be incorruptible.


Corollary 1. An attack vector for Problem (P-3) always exists
if less than half of the measurements in the system are
incorruptible.


Thus, the number of incorruptible measurements needed to
prevent a detectable attack scales with the number of edges,
whereas that needed to prevent hidden attacks scales with
the number of nodes in $G_H$. In the next section, we discuss
two approximate algorithms to generate attack vectors for this
regime.
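A defender-side audit of the cut conditions in Theorem 2, Lemma 2 and Corollary 1, given as an added example that is not from the paper: it enumerates every cut of a small measurement graph $G_H$ and reports, for a chosen protected set $S_m$, the smallest hidden and detectable change sizes (None means no feasible cut exists). The 4-bus layout, function names and protection sets are constructed for illustration, and exhaustive enumeration is only practical for small graphs.

```python
from itertools import combinations

def measurement_graph(n_buses, flow_lines, phasor_buses):
    """Edges of G_H, one per measurement; node n_buses is the reference bus."""
    ref = n_buses
    return list(flow_lines) + [(i, ref) for i in phasor_buses]

def audit(n_buses, edges, protected):
    """Score every cut of G_H against the protected (incorruptible) edge set S_m.

    A cut with no protected edge admits a hidden attack of size |C|.
    A cut with fewer than |C|/2 protected edges admits a detectable attack
    of size 1 + floor(|C|/2), per Theorem 2.
    """
    hidden = detectable = None
    for k in range(1, n_buses + 1):
        # The reference node always stays on the c(i) = 0 side of the cut.
        for side in combinations(range(n_buses), k):
            s = set(side)
            cut = [e for e, (u, v) in enumerate(edges) if (u in s) != (v in s)]
            if not cut:
                raise ValueError("G_H is disconnected: system unobservable")
            guarded = sum(1 for e in cut if e in protected)
            if guarded == 0:
                hidden = min(len(cut), hidden or len(cut))
            if 2 * guarded < len(cut):
                cost = 1 + len(cut) // 2
                detectable = min(cost, detectable or cost)
    return {"hidden": hidden, "detectable": detectable}

# Constructed 4-bus system: flow meters on all six lines, phasor meters on all buses.
LINES = [(0, 1), (0, 2), (0, 3), (1, 2), (1, 3), (2, 3)]   # edge ids 0..5
EDGES = measurement_graph(4, LINES, phasor_buses=[0, 1, 2, 3])  # phasors: ids 6..9

PHASORS = {6, 7, 8, 9}            # protect the phasor meters only
RING = {0, 3, 5, 2}               # flow meters on the ring 0-1-2-3-0

UNPROTECTED = audit(4, EDGES, set())
PHASORS_ONLY = audit(4, EDGES, PHASORS)
PHASORS_AND_RING = audit(4, EDGES, PHASORS | RING)

if __name__ == "__main__":
    for name, result in [("no protection", UNPROTECTED),
                         ("phasors protected", PHASORS_ONLY),
                         ("phasors + ring protected", PHASORS_AND_RING)]:
        print(f"{name:26s} {result}")
```

Protecting the four phasor meters puts a protected edge in every cut, which rules out hidden attacks, yet fewer than half of the ten measurements are protected and a detectable attack remains; only the larger protected set closes both.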


IV. Algorithm For Attack Vector Construction 


Theorem 3 gives the computational complexity of finding
the optimal attack vector in Problem (P-3).

Theorem 3. Problem (P-3) is NP-hard.

Proof steps: We prove this by showing the NP-hardness of
determining the existence of a feasible solution of Problem
(P-3). Consider the case of $G_H$ being a complete graph with cut
$C$ separating the nodes into sets $A$ and $A^c$. Let the number of
edges of $S_m$ in cut $C$ be $cut_{S_m}(A, A^c)$. For a feasible attack,
$cut_{S_m}(A, A^c)$ should be less than half of the cut-size $|A||A^c|$
(complete graph). Thus, we need
$\frac{cut_{S_m}(A, A^c)}{|A||A^c|} < .5$. This
represents a ratio-cut of value less than .5. Thus our problem is
equivalent to establishing the existence of a ratio-cut of value
less than .5, a known NP-complete problem ifT^.

We now discuss two approximate schemes to find the
optimal solution for Problem (P-3). The first scheme uses a
Semi-definite Programming based randomized approach M.

(a) SDP approach: Our SDP based technique builds upon
the randomized solution for max-cut given by Goemans and
Williamson Ha. The following is an SDP relaxation to find
the optimal feasible cut in $G_H$.

$$\min_{x \in \{-1,1\}^{n+1}} \langle L_H, xx^T \rangle \ \ \text{s.t.}\ \ \frac{\langle L'_H, xx^T \rangle}{2} < -1 \quad \xrightarrow{\text{Relax}} \quad \min_{X \in S_+^{n+1}} \langle L_H, X \rangle \ \ \text{s.t.}\ \ \langle L'_H, X \rangle < -2 \tag{P-4}$$

Here, $S_+^{n+1}$ is the space of positive semidefinite matrices of
size $(n+1)$. $L_H$ is the standard Laplacian matrix for graph $G_H$
with edge-weights unity, while $L'_H$ is a modified Laplacian
for $G_H$ where edges in $S_m$ and $S_m^c$ are given weights of 1 and
$-1$ respectively. The original problem tries to label nodes in
$G_H$ with values in $\{-1, 1\}$ so that $\langle L_H, xx^T \rangle/2$ represents the
cut-size. $\frac{\langle L'_H, xx^T \rangle}{2} < -1$ ensures that the cut contains a greater
number of edges of $S_m^c$ than of $S_m$. Following the work in
m, we give randomized Algorithm 1 for Problem (P-3).

Algorithm 1 SDP Relaxation for Problem (P-3)

1: Solve Problem (P-4) to get $X^*$. Generate $X^* = B^TB$ by
   Cholesky decomposition.
2: Randomly pick a vector $w \in \mathbb{R}^{n+1}$
3: for $i = 1$ to $n + 1$ do
4:   $x(i) = 1(\langle B(i,:), w \rangle > 0) - 1(\langle B(i,:), w \rangle < 0)$
5: end for
6: if $\langle L'_H, xx^T \rangle < 0$ then
7:   Output optimal attack as subset of $1 + \lfloor |C|/2 \rfloor$ edges
     of $S_m^c$ in the cut $C$ defined by $x$.
8: end if

(b) Iterative Min-cut approach: The min-cut of $G_H$
computed using unit-edge weights may contain more edges
of set $S_m$ than of $S_m^c$ and can be infeasible. Our approximate
Algorithm 2 tries to overcome this by iteratively computing the
min-cut with smaller edge-weights for set $S_m^c$. In particular,
steps 4 to 11 reduce the edge-weights for $S_m^c$ to replace the
current infeasible min-cut ($C$) of cardinality $c$ by a feasible cut
(if it exists) of cardinality $c + b$. If lowering edge weights alone
is not sufficient to achieve a feasible cut, step 13 chooses one
edge in $C$ randomly that belongs to $S_m$ and gives it infinite
weight. The algorithm iterates until a feasible solution is found
or all edges of $S_m$ have been given infinite weights, which
indicates absence of any solution.

The theoretical analysis of the exact expressions for runtime
and performance guarantees of the proposed algorithms
will be covered in a future work. In the next section, we show
simulation results on the performance of the algorithms on
IEEE test systems.


V. Results on IEEE test systems 

We run simulations in Matlab Version 2009a and present
averaged results in this section. We consider the IEEE 14 bus
test system Q. In this system, we put phasor measurements on
60% of the buses and flow measurements on all lines. Figure 2
shows the average sizes of the best attack vectors constructed
by our proposed solution schemes discussed in the previous
section. As expected, the size of the attack vector increases
with increase in the number of incorruptible measurements
($S_m$) in the system. Moreover, we plot the average size of
undetectable attacks in the same figure to show the significant
improvement in cardinality offered by our attack regime; the
improvement being greater for Algorithm 2 than Algorithm
1. Next, Figure 3 plots the rise in the average fraction of
cases resilient to data attacks with number of incorruptible
measurements (set $S_m$). Observe that, unlike undetectable
attacks that increasingly become infeasible at higher levels of
secure measurements, feasible attacks of our proposed model
are still designed by Algorithm 1 and 2. Thus, total resilience
against attacks of our regime requires greater placement of
secure measurements than that needed for protection against
undetectable attacks. Both these figures validate our claim that
data attacks with detection are far more potent than previously
studied undetectable attacks.

Algorithm 2 Iterative Min-cuts for Problem (P-3)

1: Give edge weight $1 - \epsilon$ in $S_m^c$. Compute min-cut $C$ in $G_H$.
2: $c \leftarrow |C|$, $c_m \leftarrow \sum_{i \in C} 1(i \in S_m)$, $b \leftarrow 1$
3: while ($c < \infty$, $2c_m > c$) do
4:   if $2c_m > b + c$ then
5:     $\beta \leftarrow 1 - \epsilon - b\,(c_m + b - \lfloor (c + b - 1)/2 \rfloor)^{-1}$
6:     Give edge weight $\beta$ in $S_m^c$, get min-cut $C_1$ in $G_H$.
7:     if $|C| = |C_1|$ then
8:       $b \leftarrow b + 1$
9:     else
10:      $C \leftarrow C_1$, $c \leftarrow |C|$, $c_m \leftarrow \sum_{i \in C} 1(i \in S_m)$, $b \leftarrow 1$
11:    end if
12:  else
13:    Randomly pick edge $i \in C \cap S_m$, give $\infty$ weight.
14:    $\beta \leftarrow 1 - \epsilon$. Give weight of $\beta$ to $S_m^c$. Compute
       min-cut $C$ in $G_H$.
15:    $c \leftarrow |C|$, $c_m \leftarrow \sum_{i \in C} 1(i \in S_m)$, $b \leftarrow 1$
16:  end if
17: end while
18: if $|C| \neq \infty$ then
19:   Output optimal attack as $1 + \lfloor c/2 \rfloor$ edges of $S_m^c$ in $C$.
20: end if

Fig. 2. Average size of feasible attacks given by Algorithm 1 and 2 for IEEE
14 bus test system with flow measurements on all lines, phasor measurements
on 60% of the buses and protection on a fraction of measurements selected
randomly. (5i4 > $1 + \lfloor c/2 \rfloor$ where $c$ is size of undetectable attack)

Fig. 3. Average fraction of simulated test cases with no feasible attacks given
by Algorithm 1 and 2 for IEEE 14 bus test system with flow measurements
on all lines, phasor measurements on 60% of the buses and protection on a
fraction of measurements selected randomly.


VI. Conclusion

We propose a new framework of detectable data attacks on
state estimation that operate by making the state estimator
incorrectly label and remove good measurements as bad-data.
The minimum number of measurements that need to
be manipulated for a successful detectable data attack is
upper bounded by half of that needed for previously studied
undetectable data attacks. We show that the optimal attack
of our regime is given by the minimum cardinality graph cut
satisfying a feasibility constraint. We prove that the problem of
designing the optimal detectable attack is NP-hard and present
two approximate algorithms for it. Simulations of attack vector
construction on IEEE 14-bus system demonstrate that our
attack regime undermines the security of state estimation
further than current attack models. We are currently studying
guarantees on the performance of our algorithms and design
of protection schemes against our attack framework.